A few friends from school and I are messing around with writing a chat server/client. We are writing it in Java, and now we are at the stage where we are trying to give people unique IDs and log them in. Just curious as to the best practices for handling user input like usernames and passwords as they are passed over the net. I don't want them showing up in plaintext in something like Wireshark if someone captures traffic on the network. I also don't want them being stored as plaintext on the server. Does Java have any utilities built in for helping out, and what should we read/research in order to provide a secure program and protect our users' data?

The easiest way would be not to store the password but a hash of the password. That way even if your packets are sniffed the person only sees garbage. When the user creates a password or logs in you can hash the password prior to sending it over the network. Then on the server side you can compare the sent hash to the hash you have stored for the user in your database. Just Google "hashing with salt" to see examples.


Also, don't use String objects to store sensitive data. Use a character array when you want to process or compare passwords, and then safely fill the char array with garbage data after use.
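Putting the two replies above together, here is an added example (not code from either poster) of how a Java server can store and check passwords with the standard library only: PBKDF2-HMAC-SHA256 from javax.crypto, a fresh random salt per user from SecureRandom, a constant-time comparison with MessageDigest.isEqual, and char[] passwords that are wiped with Arrays.fill as soon as they have been used. The class name PasswordStore, the record format "pbkdf2-sha256$iterations$salt$hash" and the sample passwords are my own choices; the iteration count follows current OWASP guidance for PBKDF2-HMAC-SHA256. One practitioner's caveat on the first reply: a hash computed on the client and sent in the clear is itself replayable by anyone who sniffs it, so this example hashes on the server and assumes the wire is protected by TLS (javax.net.ssl.SSLServerSocketFactory in place of a plain ServerSocket).

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Added example: salted, iterated password storage for a chat server (assumed class name). */
public final class PasswordStore {
    private static final int ITERATIONS = 600_000; // OWASP figure for PBKDF2-HMAC-SHA256
    private static final int SALT_BYTES = 16;      // 128-bit random salt, unique per user
    private static final int KEY_BITS = 256;       // output length of the derived hash
    private static final SecureRandom RNG = new SecureRandom();

    /** Derives PBKDF2-HMAC-SHA256(password, salt). PBEKeySpec copies the chars, so wipe that copy too. */
    static byte[] pbkdf2(char[] password, byte[] salt, int iterations) {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException("PBKDF2 unavailable in this JRE", e);
        } finally {
            spec.clearPassword();
        }
    }

    /** Called once when an account is created. Returns the record to store; the caller's char[] is wiped. */
    static String enroll(char[] password) {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);
        try {
            byte[] hash = pbkdf2(password, salt, ITERATIONS);
            Base64.Encoder b64 = Base64.getEncoder();
            // Self-describing record (assumed format): algorithm, cost, salt, hash.
            return "pbkdf2-sha256$" + ITERATIONS + "$"
                 + b64.encodeToString(salt) + "$" + b64.encodeToString(hash);
        } finally {
            Arrays.fill(password, '\0'); // do not leave the plaintext in heap memory
        }
    }

    /** Called at login. Re-derives with the stored salt/cost and compares in constant time. */
    static boolean verify(char[] password, String stored) {
        try {
            String[] parts = stored.split("\\$");
            if (parts.length != 4 || !parts[0].equals("pbkdf2-sha256")) return false;
            int iterations = Integer.parseInt(parts[1]);
            Base64.Decoder b64 = Base64.getDecoder();
            byte[] salt = b64.decode(parts[2]);
            byte[] expected = b64.decode(parts[3]);
            byte[] actual = pbkdf2(password, salt, iterations);
            return MessageDigest.isEqual(expected, actual); // no early exit on first mismatching byte
        } finally {
            Arrays.fill(password, '\0');
        }
    }

    public static void main(String[] args) {
        // Constructed sample input; a real server would read the record from its user database.
        char[] pw = "correct horse battery staple".toCharArray();
        String record = enroll(pw);
        System.out.println("stored record:      " + record);
        System.out.println("char[] wiped:       " + (pw[0] == '\0'));
        System.out.println("right password:     " + verify("correct horse battery staple".toCharArray(), record));
        System.out.println("wrong password:     " + verify("Correct horse battery staple".toCharArray(), record));
        // The same password enrolled again gives a different record because the salt is fresh.
        String again = enroll("correct horse battery staple".toCharArray());
        System.out.println("second record same: " + record.equals(again));
    }
}
```

The server keeps only the record string per user; the client sends the password itself over TLS, and the server calls verify(). Because the salt and iteration count live inside the record, the cost can be raised later for new enrollments without breaking existing accounts. Passwords are converted with toCharArray() straight from the socket read rather than held in a String, since a String cannot be cleared and may sit in memory until garbage collection.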
